[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LIG] Re: How to identify a Unix machine....



Raju Mathur rearranged electrons thusly:

> Nah, don't bother with running nmap, you may get caught.  Just use
> nslookup to list out all the domains using one of TIL's DNS servers.
> Yes, they permit zone transfers from unauthorised hosts.  No, they're

not all do.  and nmap also lists open ports.

> I guess it won't take more than an hour or so to get r00t on any of
> their servers either.

... using readymade rootkits, far less, I expect.  Especially as the hacks to
get into default deadrat^W redhat setups are quite well documented.
_Especially_ if they have configured sendmail etc with linuxconf (and left
linuxconf open to all).

> Security?  What's that?
> /me's clue-o-meter reads below zero.
 
If they are running such misconfigured boxes, I have rather strong suspicions
that their server logs are read by one Mr.Dave Null (aka /dev/null), most of
the time.

-- 
Suresh Ramasubramanian + mallet<@>efn.org
  You spamma my mailbox, I nukea da ass